---
page_title: "cloudflare_rate_limit Resource - Cloudflare"
subcategory: ""
description: |-
  Provides a Cloudflare rate limit resource for a given zone. This can
  be used to limit the traffic you receive zone-wide, or matching more
  specific types of requests/responses.
---

# cloudflare_rate_limit (Resource)

Provides a Cloudflare rate limit resource for a given zone. This can
be used to limit the traffic you receive zone-wide, or matching more
specific types of requests/responses.

## Example Usage

```terraform
resource "cloudflare_rate_limit" "example" {
  zone_id   = "0da42c8d2132a9ddaf714f9e7c920711"
  threshold = 2000
  period    = 2
  match {
    request {
      url_pattern = "${var.cloudflare_zone}/*"
      schemes     = ["HTTP", "HTTPS"]
      methods     = ["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD"]
    }
    response {
      statuses       = [200, 201, 202, 301, 429]
      origin_traffic = false
      headers = [
        {
          name  = "Host"
          op    = "eq"
          value = "localhost"
        },
        {
          name  = "X-Example"
          op    = "ne"
          value = "my-example"
        }
      ]
    }
  }
  action {
    mode    = "simulate"
    timeout = 43200
    response {
      content_type = "text/plain"
      body         = "custom response body"
    }
  }
  correlate {
    by = "nat"
  }
  disabled            = false
  description         = "example rate limit for a zone"
  bypass_url_patterns = ["example.com/bypass1", "example.com/bypass2"]
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `action` (Block List, Min: 1, Max: 1) The action to be performed when the threshold of matched traffic within the period defined is exceeded. (see [below for nested schema](#nestedblock--action))
- `period` (Number) The time in seconds to count matching traffic. If the count exceeds threshold within this period the action will be performed.
- `threshold` (Number) The threshold that triggers the rate limit mitigations, combine with period.
- `zone_id` (String) The zone identifier to target for the resource. **Modifying this attribute will force creation of a new resource.**

### Optional

- `bypass_url_patterns` (Set of String)
- `correlate` (Block List, Max: 1) Determines how rate limiting is applied. By default if not specified, rate limiting applies to the clients IP address. (see [below for nested schema](#nestedblock--correlate))
- `description` (String) A note that you can use to describe the reason for a rate limit. This value is sanitized and all tags are removed.
- `disabled` (Boolean) Whether this ratelimit is currently disabled. Defaults to `false`.
- `match` (Block List, Max: 1) Determines which traffic the rate limit counts towards the threshold. By default matches all traffic in the zone. (see [below for nested schema](#nestedblock--match))

### Read-Only

- `id` (String) The ID of this resource.

<a id="nestedblock--action"></a>
### Nested Schema for `action`

Required:

- `mode` (String) The type of action to perform. Available values: `simulate`, `ban`, `challenge`, `js_challenge`, `managed_challenge`.

Optional:

- `response` (Block List, Max: 1) Custom content-type and body to return, this overrides the custom error for the zone. This field is not required. Omission will result in default HTML error page. (see [below for nested schema](#nestedblock--action--response))
- `timeout` (Number) The time in seconds as an integer to perform the mitigation action. This field is required if the `mode` is either `simulate` or `ban`. Must be the same or greater than the period.

<a id="nestedblock--action--response"></a>
### Nested Schema for `action.response`

Required:

- `body` (String) The body to return, the content here should conform to the `content_type`.
- `content_type` (String) The content-type of the body. Available values: `text/plain`, `text/xml`, `application/json`.



<a id="nestedblock--correlate"></a>
### Nested Schema for `correlate`

Optional:

- `by` (String) If set to 'nat', NAT support will be enabled for rate limiting. Available values: `nat`.


<a id="nestedblock--match"></a>
### Nested Schema for `match`

Optional:

- `request` (Block List, Max: 1) Matches HTTP requests (from the client to Cloudflare). (see [below for nested schema](#nestedblock--match--request))
- `response` (Block List, Max: 1) Matches HTTP responses before they are returned to the client from Cloudflare. If this is defined, then the entire counting of traffic occurs at this stage. (see [below for nested schema](#nestedblock--match--response))

<a id="nestedblock--match--request"></a>
### Nested Schema for `match.request`

Optional:

- `methods` (Set of String) HTTP Methods to match traffic on. Available values: `GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `HEAD`, `_ALL_`.
- `schemes` (Set of String) HTTP schemes to match traffic on. Available values: `HTTP`, `HTTPS`, `_ALL_`.
- `url_pattern` (String) The URL pattern to match comprised of the host and path, i.e. example.org/path. Wildcard are expanded to match applicable traffic, query strings are not matched. Use _ for all traffic to your zone.


<a id="nestedblock--match--response"></a>
### Nested Schema for `match.response`

Optional:

- `headers` (List of Map of String) List of HTTP headers maps to match the origin response on.
- `origin_traffic` (Boolean) Only count traffic that has come from your origin servers. If true, cached items that Cloudflare serve will not count towards rate limiting.
- `statuses` (Set of Number) HTTP Status codes, can be one, many or indicate all by not providing this value.

## Import

Import is supported using the following syntax:

```shell
$ terraform import cloudflare_rate_limit.example <zone_id>/<rate_limit_id>
```
